nby-jimeng-api

Fail

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: HIGH
Flagged categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the user to clone an untrusted third-party repository (github.com/wwwzhouhui/jimeng-free-api-all.git) and execute a Python script from it (scripts/logout-sessions.py) as seen in references/seedance.md.
  • [EXTERNAL_DOWNLOADS]: The documentation provides commands to download and run a Docker image from an untrusted individual's account (wwwzhouhui569/jimeng-free-api-all:latest) in SKILL.md.
  • [COMMAND_EXECUTION]: The troubleshooting section includes a command that pipes output from a network request directly into the Python interpreter: curl -s http://localhost:8000/v1/models | python3 -m json.tool. This pattern is risky as a compromised or malicious local service could return executable code.
  • [EXTERNAL_DOWNLOADS]: The skill directs the user to perform pip install playwright && playwright install chromium, which downloads and executes binaries from external registries without integrity verification.
  • [CREDENTIALS_UNSAFE]: The skill accesses and sources sensitive credentials (JIMENG_SESSION_ID) from .env files located in the project directory and the user's home directory (~/.nby-skills/nby-jimeng-api/.env).
  • [INDIRECT_PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from an external API without sanitization.
      • Ingestion points: Reads JSON responses containing model lists, task statuses, and revised_prompt fields from localhost:8000 (documented in SKILL.md and references/api-detail.md).
      • Boundary markers: No delimiters or instructions to ignore embedded commands are present when handling API output.
      • Capability inventory: The skill uses Bash, Read, and Write tools to execute powerful commands like docker, curl, git, and python3.
      • Sanitization: There is no evidence of validation or escaping for data returned by the API service before it is used by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: http://localhost:8000/v1/models - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 1, 2026, 07:26 AM